Adobe Flash is under siege by malware called FinFisher. FinFisher exploits a zero-day vulnerability in Flash (CVE-2017-11292) and appears to have been released by a hacker group called BlackOasis. This vulnerability affects Adobe Flash version 126.96.36.199 and allows hackers to execute code remotely on Windows, Mac, and Linux operating systems. Kaspersky reported this vulnerability to Adobe some time in early October.
BlackOasis has been identified as the same group that exploited another Adobe zero-day vulnerability. For the remote code execution in this new exploit, they're using the same command and control server as in that earlier one. FinFisher has already affected many computers in Russia, Afghanistan, Libya, Nigeria, Jordan, the Netherlands, the UK, Angola, Iraq, and more.
FinFisher's spying capabilities include enabling webcams without the victim's knowledge, recording keystrokes as the victim types, interrupting Skype calls, and exfiltrating files. To make its way into remote systems, this malware employs various attack vectors such as spear phishing, manual installation on a device through physical contact, zero-day exploits, and watering hole attacks. Various programs like WhatsApp, Skype, VLC player, and WinRAR have also been found to be distributing FinFisher and FinSpy (an earlier iteration of FinFisher) across networks.
Adobe recently released a security update for this zero-day exploit, so update your version of Flash right away. And while you're at it, instead of manually downloading and deploying the latest security patches, you can download, test, and deploy patches across your network using a patch management solution. The free version of Desktop Central, our patch management solution, can help you update up to twenty-five computers at no additional charge.
If you are looking for a breakdown of October's Patch Tuesday update and a list of security patches, please see our exclusive blog on Microsoft Patch Tuesday for October 2017.